Detecting some fraud means casting wide net Think you've heard most of the tips about preventing identity theft?
You know, shredding documents, checking your credit reports and credit-card statements, keeping your Social Security number to yourself and not falling for phishing schemes or the infamous Nigerian scam.
Actually, there's no such thing as identity-theft prevention, experts say. But, you can reduce your exposure. Here are some ways not often spoken about:
Check for fraudulent account activity in your name, urged Troy Allen, chief fraud solutions officer at Kroll Inc. in Nashville, Tenn. You're entitled to a free consumer report once a year from each of two data warehouses, the Shared Check Authorization Network, which has retailers among its clients, and Chex Systems Inc., whose members are financial institutions. If someone has opened an account using your name, the details will show up on these reports.
Check your Social Security earnings and benefits statement each year. Someone may have stolen or purchased your identity and used it to get a job in your name, as some illegal immigrants are suspected of doing at the Swift Inc. meat processing plants in Colorado, Allen said. "They need your name to live." You'll be liable for the taxes on all that income until you prove it's not yours.
Find out if someone has stolen medical services using your name. If you've applied for life, health or disability insurance during the past seven years, you can find out what insurers know about you by calling the Medical Information Bureau at (866) 692-6901, Allen said. Be sure the codes on your free report match your medical history.
Medical identity theft is "when somebody builds up hospital bills or other medical bills using your name and Social Security number," said Linda Foley, founder of the nonprofit Identity Theft Resource Center in San Diego. You are responsible for the charges, unless you successfully dispute them.
Health-care thieves may target your wallet, mailbox, discarded billing statements or a provider's database, said Alex Johnson, head of the special investigative unit at The Regence Group in Portland, Ore., an affiliation of health-care plans. Never give out your health-insurance number and be sure to study your medical bills and explanations of benefits just as you would a bank statement.
Don't let your teen download free music and videos. Not only does it illegally infringe copyrights, but cybercriminals can download a remote-control tool into the family computer that tracks everything anybody does on it, including typing in personal account numbers, warned Ken Colburn, founder of Data Doctors Franchise Systems Inc. in Tempe, Ariz.
Don't open e-greeting cards from strangers. You could be diverted to a third-party Web site that attaches a keylogger, sends it to your computer and then captures everything you do on it, said Roger Thompson, chief technology officer of Exploit Prevention Labs in Atlanta.
Don't carry your child's Social Security card and don't permit your teen to do so, urged the Council of Better Business Bureaus Inc. Also, don't let your child post his or her phone number, address or school name online. It's a red flag if credit-card offers or other notifications start arriving in your child's name.
Delete personal information from company and family Web sites. Be sure your information is not available via online directories and searchable databases, said Tom Walton, vice president at AlliedBarton Security Services in King of Prussia, Pa.
If someone calls and says you failed to appear for jury duty, don't give out any personal information, Foley said. "No county in the country is going to call you and ask you for information like that to remind you that you've failed to show up for jury duty."
Ask for details if you get a seemingly mistaken call from a creditor, urged Troy Allen. Don't hang up. "Find out why they think you are that person, because you might be." Don't give out any personal information.
Use one low-limit credit card exclusively for Internet shopping, said Jim Ruel, a senior vice president at The Hartford insurance company in Connecticut.
"We haven't even begun scratching the surface of what's going on out there," said Kroll's Allen. "We're not even close"
TORONTO -- Assurances from Winners and HomeSense that a security breach reported last month did not involve Canadian debit-card transactions isn't making much of dent with customers of the two retail chains.
Not much can keep them from their bargain hunting.
The deals to be found at Winners make the risk of becoming the victim of credit card fraud worthwhile, said Sherry Croney as she slowly sifted through the blouse racks at one of the chain's cavernous stores in downtown Toronto.
Croney said she never uses her credit card when clothes shopping, and even if she did, a security breach wouldn't stop her.
"The prices (are) unbelievable," she said. "You see really nice stuff that you'd normally see for like one-hundred-and-something and it's excellent."
Winners' president, Michael MacMillan, appealed to Canadian customers directly yesterday with full-page ads in at least two of the country's largest daily newspapers, saying he believed the transactions using debit cards issued by Canadian banks weren't involved in the breach.
"Based on our investigation, we can now report we believe transactions using debit cards issued by Canadian banks were not involved in the systems breach," the ad read.
MacMillan went on to reassure customers the company has beefed up security of its computer systems.
TJX Companies, the U.S. parent company of Winners and HomeSense, revealed last month it was the victim of a massive security breach.
The company discovered in mid-December that customers' credit and debit card information had been stolen from its computer network, which included data from its Winners and HomeSense stores in Canada.
Updating its investigation earlier this week, TJX noted that debit cards issued by Canadian banks didn't seem to have been compromised.
Take proactive steps to protect your identity, personal information.
GALESBURG - Lori Brittingham has first-hand experience with identity theft.
The East Galesburg resident became a victim in September when someone stole checks sent to her from her credit card company out of her mailbox. In November she noticed $6,300 of extra charges on her statement.
"(Whoever did it) called the credit card company and said they were me," Brittingham said. "They did it over the phone. Then the money was transferred from my credit card to their bank account."
Brittingham said the only information the thief needed was her mother's maiden name, which people who know her knew as well.
"They did five different transactions in a month's time, so I didn't know that this was going on," Brittingham said.
She made the mistake of not checking her statement in October. Instead, she wrote her usual check to the credit card company without verifying all the transactions registered to her account. She never noticed the checks were missing from her mailbox.
"I never look at those checks, I just tear them up and throw them away," Brittingham said. "They didn't come with the bill so I would've never known that I didn't get them."
Brittingham was able to prove she hadn't used the checks and the charges were removed from her account. And she learned her lesson about protecting personal information.
Chris Kieffer is the vice president for electronic banking for First Bank in St. Louis. He said people tend to be more reactive than proactive when it comes to protecting themselves from credit card fraud and identity theft.
"The biggest things I tell people to be aware of is stay in touch with your bank account, review credit card and bank statements and make sure there's nothing on them you don't recognize, and annually pull a credit report on yourself," Kieffer said. "These are proactive steps any consumer can take."
For credit card offers that are sent through the mail, Kieffer suggests a shredder. Most of those offers will have a lot of your personal information on them already.
"Protect that information about yourself," Kieffer said. "It's just as easy for somebody to tape it together as it is for you to tear it apart once or twice."
Kieffer said online banking is safe on bank sites, but to be cautious of fake e-mail correspondence from banks, called phishing. These e-mails claim to be your bank trying to secure personal information about you. They will link you to a site that looks similar to your banks site. Kieffer said banks will never send e-mails like that to your private account.
"Banks are never going to validate through that mechanism," he said. "If something doesn't look right, don't use it. If you have questions ask a branch employee."
For online shoppers, Kieffer advises getting to know the merchant.
"Make sure it's somebody reputable," he said. "Fraud happens after the fact when we don't know where we're shopping or who we're using as a vendor."
And Brittingham has some advice, too. After her experience she had the limit on her credit card lowered to only $300.
"Never have a limit that's more than you're willing to lose," she said. "Whatever you might spend if you were somewhere and needed to buy something."
And she's learned another lesson.
"I will read every statement that I get," she said. "It's just been a complete nightmare."
1. Keep an eye on your credit card every time you use it, and make sure you get it back as quickly as possible. Try not to let your credit card out of your sight whenever possible.
2. Be very careful to whom you give your credit card. Don't give out your account number over the phone unless you initiate the call and you know the company is reputable. Never give your credit card info out when you receive a phone call. (For example, if you're told there has been a 'computer problem' and the caller needs you to verify information.) Legitimate companies don't call you to ask for a credit card number over the phone.
3. Never respond to emails that request you provide your credit card info via email -- and don't ever respond to emails that ask you to go to a website to verify personal (and credit card) information. These are called 'phishing' scams.
4. Never provide your credit card information on a website that is not a secure site.
5. Sign your credit cards as soon as you receive them.
6. Shred all credit card applications you receive.
7. Don't write your PIN number on your credit card -- or have it anywhere near your credit card (in the event that your wallet gets stolen).
8. Never leave your credit cards or receipts lying around.
9. Shield your credit card number so that others around you can't copy it or capture it on a cell phone or other camera.
10. Keep a list in a secure place with all of your account numbers and expiration dates, as well as the phone number and address of each bank that has issued you a credit card. Keep this list updated each time you get a new credit card.
11. Only carry around credit cards that you absolutely need. Don't carry around extra credit cards that you rarely use.
12. Open credit card bills promptly and make sure there are no bogus charges. Treat your credit card bill like your checking account -- reconcile it monthly. Save your receipts so you can compare them with your monthly bills.
13. If you find any charges that you don't have a receipt for -- or that you don't recognize -- report these charges promptly (and in writing) to the credit card issuer.
14. Always void and destroy incorrect receipts.
15. Shred anything with your credit card number written on it.
16. Never sign a blank credit card receipt. Carefully draw a line through blank portions of the receipt where additional charges could be fraudulently added.
17. Carbon paper is rarely used these days, but if there is a carbon that is used in a credit card transaction, destroy it immediately.
18. Never write your credit card account number in a public place (such as on a postcard or so that it shows through the envelope payment window).
19. Ideally, it's a good idea to carry your credit cards separately from your wallet -- perhaps in a zippered compartment or a small pouch.
20. Never lend a credit card to anyone else.
21. If you move, notify your credit card issuers in advance of your change of address. If you suspect credit card fraud:
If your credit cards are lost or stolen, contact the issuer(s) immediately.
Most credit card companies have toll-free numbers and 24-hour service to deal with these emergencies -- they are eager to avoid credit card fraud.
According to US law, once you have reported the loss or theft of your credit card, you have no more responsibility for unauthorized charges. Further, your maximum liability under federal US law is $50 per credit card -- and many credit card issuers will even waive that fee for good customers.
If you follow all these tips, it will go a long way in protecting you from credit card fraud.
If you are accepting online orders and would like to greatly reduce your exposure to credit card and check fraud, implementing protective measures can reduce online fraud by approximately 80%.
Please note: Some of the techniques contained below require a working knowledge of .cgi scripts and HTML coding. We cannot provide technical support or explanations for non-members. However, most competant webmasters will be able to easily implement these tools and techniques.
This material is adapted from a series of articles written by the founder of AntiFraud.Com that originally appeared in the online newletter The VirtualPromote Gazette.
The Internet is the perfect environment for every crook, thief, and pickpocket to ply their trade with almost complete anonymity. Being in the online software business, I have seen a tremendous increase in fraudulent purchases made with stolen credit card information. In many cases, the thief has more complete and current information about the actual cardholder than the credit card company. In some cases, credit card numbers that receive an approval number turn out to be totally fictitious numbers -- based on the algorithm used to produce authentic numbers.
I recently formed an alliance with a large merchant account provider specializing in providing credit card merchant accounts for Internet and Home-Based businesses. Through working closely with the credit card companies and other online merchants, I know the bottom line is this: You, as a merchant, are the one who is going to get stiffed! The cardholder is not responsible for more than $50 of fraudulent purchases. The issuing bank of a stolen credit card really doesn't care because they will simply charge the merchant back for any fraudulent purchases, plus a $10-$15 charge back fee. In fact, the issuing banks actually make $50 on these situations. They get the $50 from the cardholder (the cardholder's obligation), then they charge back each and every merchant for all the fraudulent charges.
So why is this situation getting so bad? Technology! Yes, the very same technology that allows us to have a profitable online business also allows others to rip us off. The advent of free, web-based, non-ISP e-mail addresses such as @hotmail.com, @usa.net, @juno.com and the hundreds of e-mail forwarding addresses afford a credit card thief a perfect veil to hide behind. The free e-mail addresses can't be traced back to the real owner;it usually takes a court order to get an e-mail forwarding service to disclose customer information. For those of us in the software, subscription or membership business, the e-mail address is the only point of contact we have. That address is where our products are shipped.
To make matters worse, there are now underground software programs available that can generate an unlimited number of mathmaticaly valid, yet fictitious credit card numbers. Combine that with complete anonymity and it spells big trouble for any business conducting online commerce. In addition, there are newsgroups out there that actually post stolen credit card data. So someone picks your pocket now and ten minutes later all your data is available world-wide.
So, what can you, as a merchant, do to protect yourself -- short of not accepting online credit card orders? Over the last few month, my company has had to establish certain procedures for all online orders:
1. No order is accepted unless complete information is provided including full address and phone numbers.
2. We no longer accept any order originating from a free, web-based, or e-mail forwarding address -- the customer must provide an ISP or domain based address: one that can be traced back to a "real" person.
3. Since the list of these types of e-mail addresses is growing daily, we check every e-mail address by going to a browser and putting a www in front of the domain. Try this with joesmith@cyberdude.com -- you will see that www.cyberdude.com puts you on I-names' (150+ free e-mail domains) homepage. We don't accept orders unless the e-mail/domain is a legitimate website or ISP -- something that can provide definitive identification of the e-mail address in question. This method is not fool-proof. When in doubt, go to step number 4.
4. If in doubt, we call the phone number listed on the order. We have alerted many cardholders that their card information was being used by making this phone call. On the other hand, the party on the other end may have never heard of the "customer." This results in a call to the issuing bank of the credit card to alert their fraud department.
5. We use the HTTP_USER_AGENT and REMOTE_ADDR code on all our order forms. This line works with most form handlers such as FormMail, cgiemail and others. The exact syntax varies with the form handler, but it provides information about the computer used to send the order, including the IP address. The IP address can then be traced to its owner -- usually an ISP. You can then contact the ISP System Administrator and inform them of the illegal activity. Members of AntiFraud.com are provided an automatied way to do this. Check the documentation for your particular form handler or cgi script for implementation of this input field.
6. Virtual Checks -- we receive a great number of orders via online virtual checks. While this has greatly increased our sales, the same cautions prevail. Having been burnt a few times, we now call the account holder's bank and verify the account number, account holder's name and current funds to clear the check before processing the order.
The Front Line of Defense
Isn't the policy of rejecting orders from free, web-based, or e-mail forwarding services a little severe?
After receiving several dozen credit card charge backs resulting from fraudulent orders placed exclusively through free, web-based, or e-mail forwarding addresses, we established the policy of not accepting orders from any of the over 700 such e-mail domains.
We have NEVER had a fraudulent order placed through a standard, ISP-based e-mail address. Conversely, EVERY fraudulent order has come through the free, web-based, or e-mail forwarding services.
Although adding the HTTP_USER_AGENT, REMOTE_ADDR line to your form handler to capture a "customer's" IP address helps, sometimes this information really isn't very useful. There are several sites that a crook can log onto before proceeding to any of the web-based e-mail services that offer total protection of your identity -- when you log onto one of these sites -- you are reissued a random IP address and they keep absolutely no logs of this. Hence, I can log onto one of these sites, go to the hotmail site and send e-mail, or go to a site to buy something, with absolutely no possibility of being traced.
If someone places an order using a standard, ISP based e-mail address such as joe@ix.netcom.com, it is fairly easy to track this individual. However, it is very difficult to track the identity of someone using one of the free e-mail services -- and if they know what they are doing,it is absolutely impossible.
All we are asking for, as a merchant, is positive identification. Would you accept a check from someone using someone else's ID? Would you accept a credit card purchase if someone signed a different name to a charge slip than was listed on the card? Virtually everyone who has a free, web-based, or e-mail forwarding address also has a tracable ISP or domain based address. That is the address I accept for online orders -- nothing less.
Has the screening of all orders cut into your sales?
No. The vast majority of people using the free e-mail services use an ISP to access the Net. Every ISP I know of issues at least one e-mail address with every account. So onlinefraud@hotmail.com (which one of my employees, a Mr. John Smith of 111 main street) recently registered in about 30 seconds, also has a legitimate, more easily traceable ISP issued address. We simply inform our customers that we don't accept orders through free e-mail services and ask them to use their standard, ISP issued address. We do this by placing a link on our order forms to the redflag.htm. Members of AntiFraud.Com are provided an automated way to screen against this ever growing list. Granted, there are some honest folks out there who really, truly don't have anything but a Juno.com account -- so guess what - they can call us to place the order (yes, we have caller ID on our phones).
Are there problems with real-time ordering processing?
There are many services out there that offer (for a fee or percentage) to process your orders in real-time, while the customer is logged onto the site. The first question you need to answer is whether you need to use such a service. If you are selling any hard goods that are physically shipped to an address, the answer is no. Legally, you can not even charge the customer's card until the order has been shipped. However, the option of real-time processing is very attractive to software vendors or subscription services. This convenience does have its risk.
Many real-time order processors do absolutely no pre-screening of orders. If the credit card goes through verification, the order is processed and the "customer" is immediately given a serial number or subscription user name. You, as the merchant, won't ever find out about the fraudulent nature of the order until you receive the chargeback. Yes, these services will tell you they use the Address Verification Service to insure the address provided is what the credit card company has on record, but that does not mean that onlinefraud@hotmail.com is the actual owner of that card. I am currently working with a couple of real-time processing services that are installing the same fraud prevention measures that are available to members of AntiFraud.com
The last area of concern is shipping orders out of your own country. I can sum this up with a few short sentences. Make absolutely, positively sure that you have a legitimate order before shipping anything, including soft goods, across the border. Regardless of the circumstances, regardless of the proof you may have, regardless if you have a signed confession from the crook who stole your goods through a fraudulent order, if that order went across the border, you can basically kiss it good-bye. It's hard enough here in the states to get the proper authorities to do something about credit card fraud. Try getting the authorities in a foreign country to pursue such a matter!
To sum up the situation I believe fraud committed against merchants conducting online transactions is increasing dramatically, and will continue to do so. However, there is no need to panic. While many years ago it was safe in most places to leave your house with the doors unlocked, that is no longer true. While only six months ago is was safe to blindly accept any online order, that is no longer true. But, like locking the doors to your house, protecting yourself from online fraud is really not that big a deal. Some common sense, and a few specialized tools, policies and techniques usually will do the trick.
Thwarting More Advanced Thieves, and Those From Abroad
I have recently seen an increase in the number of fraudulent orders originating from European Educational Institute domains. This is probably being conducted by college student/hackers who gain access to the school's e-mail servers.
On these types of orders, call your credit card processor, give them the first 6 digits of the card number and ask for the name and phone number of the issuing bank. If you receive an order from Romania and the Card is issued by the "First National Bank of Chicago," I would think twice about processing the order.
Unfortunately, this type of fraud is ever-changing, ever-evolving. You circumvent one method and they discover a new one. I will post revelant news to AntiFraud.com as new trends become visible. To be instantly updated with this news, please consider becoming a member of AntiFraud.Com. On one front -- the site we have been working on is up and ready to assist you. But on the other front, it seems certain criminals out there are getting a little smarter when it comes to committing online fraud. If I didn't know better, I would swear these guys must have read my previous articles and have adjusted their methods to compensate.
However, there is no reason to panic. In any criminal activity there are usually three classes of perpetrators. First, you have you rank amateurs who are easily thwarted with simple precautions. Then you have "small-time hoods" who, while a little more proficient than the rank amateurs, are not much more of a threat. Then you have the professionals. These guys do this for a living and have enough smarts to outwit the precautions that deter the others. Fortunately, their numbers are few.
You may recall some of my previous suggestions for preventing the majority of online fraud. We no longer accept any orders from a free, or web-based, or e-mail forwarding address. This list is currently over 1500. Secondly, unless we recognize the e-mail domain as being from one of the large ISP's such as ibm.net, mci2000.com, earthlink.net, etc., we always go to a browser and put a "www." in front of the e-mail domain to look at the website associated with that domain. We make a determination from there where to check further. We also use coding on our order forms that captures the IP address of the sender.
So how has the game changed? We have encountered 3 different cases of this during the last two weeks. I am not making any accusations nor condemnations, nor am I suggesting that you refuse to accept orders from the individual cited in the example below. I am merely stating facts as we discovered them. You will have to draw you own conclusions. OK -- my lawyers say I can continue now:
On February 21, 1998 at 1:53a.m. EST, an individual placed an order for our Web Promotion Spider software using the name of Alex Williams from Nashville, Tennessee. "Alex" placed his order using a Master Card and the e-mail address of dknight@dknight.com. Since this is neither a free nor an ISP based e-mail address, I went to http://www.dknight.com. As of Sunday, March 01, 1998, the page had nothing more than an "under construction, come back later" notice.
This made me a little uneasy so I quickly went to http://antifraud.com/ipcheck.htm to do a WhoIs on the domain name of "dknight.com". I quickly found this domain is registered to a Mr. Fahad Al Blehed with both phone and fax numbers of 000-000-0000. This made me even more uneasy so I used the same form to WhoIs the IP address he was using at the time he placed the order. You know, it's funny, the IP address of 195.34.28.87 belongs to the PTTNET Dialup Network -- out of Moscow, Russia.
Now, you can call me paranoid or overly suspicious, but I sort of doubted that Mr. "Alex Williams" of Nashville, TN, was over in Russia placing an order for web promotion software for a site that barely existed. A quick call to VISA/Master Card security confirmed the card number provided belonged to neither "Alex Williams" nor "Fahad Blehed." The card was immediately put on hold while the actually card holder could be contacted and, needless to say, I did not process the order.
Had I processed the order, I would have been out not only the $100 software but also a $15 chargeback fee when the actual card holder disputed all the charges. So, was all the extra effort worth it? It took me less than 3 minutes to complete all the steps above, including the call to VISA. I saved a $115 plus a blemish on my merchant account record. Let's see, $115 for 3 minutes of work, that works out to $2,300 per hour. My corporate attorneys barely make that much :-)
In another case, we received an order from a shihwai@acsshell.net. This domain belongs to a Mr. Chong Shihwai of Shihwai Networks located in West Caldwell, NJ. Unfortunately, there is no such person. However, the individual that does live at the WhoIs-identified address for this domain has received over a half-dozen invoices from Internic for domains the real culprit has registered and is using as fronts to commit credit card fraud. In our case it was a stolen VISA card from Australia. The poor guy in West Caldwell has received hundreds of phone calls from merchants trying to track down Mr. Shihwai.
As a side note, I went the extra step in all these cases and contacted the System Administrators of both the hosting services and the ISPs to alert them to the illegal activity being conducted by these individuals. Hopefully, I stopped them from victimizing too many other merchants.
Review all the steps we use on our AntiFraud.Com site. Take an extra step or two if you are at all suspicious. You might save yourself and many others from getting burnt by these guys. If you would like additional tools and technology to automate these techniques, please consider becoming an active member of AntiFraud.Com. And, be careful out there.
CHICAGO -- A Boeing Co. laptop containing the names and Social Security numbers of 382,000 workers and retirees has been stolen, putting the employees at risk for identity theft and credit-card fraud.
The theft, which the company confirmed Tuesday, was the third such offense in over a year.
Files on the computer also contained home addresses, phone numbers and birth dates. Some of the files listed salary information.
"It's very disturbing to us when things like this happen, and there are certain steps you can take right away ... but we realize we need to go above and beyond those," said Tim Neale, a spokesman for Chicago-based Boeing.
The laptop was stolen earlier this month when an employee left it unattended, Neale said. He would not reveal where the theft happened, but said no proprietary, customer or supplier data were on the computer.
The computer was turned off when it was stolen and a password is needed to log on to its desktop, Neale said Wednesday.
"It's not necessarily an easy task to access the information there," he added.
Boeing began contacting current and former employees Tuesday night, Neale said.
Boeing will provide credit-monitoring services for three years for those affected by the latest theft, Neale said.
There is no evidence that any of the previous thefts have resulted in wrongdoing, he said.
A Boeing laptop containing information on roughly 160,000 current and former employees was stolen in November 2005. Then, in April, a laptop containing information on 3,600 employees and retirees was stolen.
Neale would not say whether any disciplinary action has been taken against the employee involved in the recent theft. However, he acknowledges that in each of the incidents company policy was violated.
"It's frustrating because obviously you don't want to see this happen," he said.
AUSTRALIA'S banks are positioning themselves for the final run to introduce smart credit cards after years of baulking at the cost of phasing out magnetic-stripe technology in favour of microchips.
The manoeuvring is being influenced by the federal Government's $1.1 billion welfare Access Card project, but fresh questions have arisen over whether or not smartcards will provide consumers with significantly improved protection from credit card fraud.
Banks have claimed major victories in cutting credit card fraud thanks to the implementation of crime busting computer systems that use neural networking technology to detect illicit transactions.
Visa Australia head of business development Vipin Kalra said computer systems enabled banks to almost halve the cost of credit card fraud over the past five years.
Credit card fraud rates had been cut from up to 0.05 per cent of total Australian credit card sales five years ago to less than 0.03 per cent, Mr Kalra said.
The most common forms of fraud were skimming and counterfeiting, he said.
The Australian Payments Clearing Association agrees that the highest card fraud losses by value stem from skimming and counterfeiting, but estimates 2006 credit card fraud at 0.039 per cent of card transactions, or $87.4 million.
"We've seen a big drop in fraud in Australia over the past couple of years," Mr Kalra said.
"(The drop is because of) the banks' ability to put a lot of monitoring systems in place so they can track activities on the card. Those systems are now starting to show their benefits."
ANZ Bank widely advertised its Falcon neural network as part of a campaign to establish its security credentials.
Falcon identifies anomalous credit card transactions and is one of three platforms the bank uses to manage credit card fraud.
The others - Eagle and Hunter - are merchant-oriented systems to track fraudulent credit card applications.
ANZ general manager of consumer cards Nick Reade said these systems had helped the bank cut credit card fraud by 60 per cent in the past five years.
He cited examples where Falcon detected the use of a stolen credit card before the cardholder knew his wallet had been purloined because of changes in the buying patterns detected by the bank's systems.
Systems such as Falcon were an important part of ANZ's drive to establish itself as the most security conscious Australian bank, he said.
"Pretty well everything we do nowadays we communicate that we take fraud very seriously," Mr Reade said. "A lot of our own internal research on what's important to customers - drivers of satisfaction, drivers of usage of credit cards - increasingly (show) what's coming out as number one is security."
Mr Kalra said the fraud-fighting capabilities of computer systems such as Falcon meant banks had not been under pressure to implement smart credit cards.
Microchip-enabled credit and debit cards have long been touted as an important tool in the fight against payment fraud by Visa.
Many Australian banks have argued that the costs of implementing smartcards was greater than the cost of fraud.
"We have to get (to smartcards) but because fraud is under control within the banking industry there isn't a huge urgency to just turn over all the cards over night," Mr Kalra said.
Commonwealth Bank general manager of product and market development Brian White said the success of crime-fighting technologies meant consumers were unlikely to notice big reductions in creditcard fraud following the introduction of smartcards.
"(With smartcards) the consumer on the street has the confidence that he's consistent with the current standard. Does that mean today he's at risk as a consequence? Well the data shows he's not measurably," Mr White said.
Mr Kalra's and Mr White's comments were made at the launch of the Australian Smartcard Users' Forum (ASUF) last week.
ASUF members include the big four banks. It was founded to pressure the federal Government to use private-sector payment networks to process transactions associated with the $1.1 billion welfare Access Card.
ASUF chair and NAB regional general manager for specialised businesses Bruce Munro said the group would work to manage any consumer concerns if banks were seen to be lagging behind the federal Government on using smartcards to protect consumers from fraud.
"One of the reasons we put the forum together was to try and manage perceptions like that," Mr Munro said.
"Another risk, I suppose, is that the use of a chipped Access Card may have some negative connotations that we have to manage for our own roll-outs,"
ANZ's Mr Reade declined to comment on the activities of his competitors but said smartcards would play an important role in protecting consumers from fraud such as credit card counterfeiting.
ANZ has issued 1 million smartcards and has a goal of converting all 3 million ANZ cards smartcards within a year.
The CBA, NAB and Westpac are yet to announce smartcard roll-out timetables.
The head of a Mumbai-based shipping company became the latest victim of online credit card fraud last month when miscreants used his account to buy thousands of rupees worth of airline tickets.
In a police complaint, Captain Ramesh Giridharilal Gulati, 67, chairman and managing director of Crystal Shipping Company Private Limited, said that “thieves” charged about Rs83,300 on his Standard Chartered card between November 8-11 when he was on an overseas trip to the Far East. The kicker is that the card was in his possession at the time of the “theft”!
Gulati, a Cuffe Parade resident, said, “I was shocked when I received my credit card statement for Rs83,296.40 on November 17. During my absence from India, someone had misused my card between November 8-10 to make 11 different transactions. The transactions were made to purchase airline tickets.” Gulati had gone on a business trip to Manila via Dubia on November 5. He returned to Mumbai on November 11.
“On November 10, I thought I had lost my card while checking out of the hotel in Manila,” he said. “I called my staff to call up Standard Chartered to report a lost card. However, during my transit period at Dubai airport on November 11, I found my card in my travel pouch. I informed the bank on November 13 that I had found the card. However, they had cancelled my card.”
Gulati received a statement for his old card on November 17. It listed 11 transactions - six on November 8, one on November 9 and four on November 10 - all for purchasing online tickets from various airlines.
The father of two then called the bank’s credit card division to report the “discrepancy”. The bank told him that they would investigate his complaint, and it would take a month’s time. On November 18, Gulati filed a complaint with the Azad Maidan police station. Prakash Khanvilkar, senior police inspector with the Azad Maidan police, said, “We have received a written complaint, but we cannot comment at this time. The case is under investigation.”
A spokesperson with Standard Chartered Bank on DN Road, also refused to comment, saying, “We cannot comment as it is under investigation.”
A thief goes through trash to find discarded receipts or carbons, and then uses your account numbers illegally.
A dishonest clerk makes an extra imprint from your credit or charge card and uses it to make personal charges.
You respond to a mailing asking you to call a long distance number for a free trip or bargain-priced travel package. You're told you must join a travel club first and you're asked for your account number so you can be billed. The catch! Charges you didn't make are added to your bill, and you never get your trip.
Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year. While theft is the most obvious form of fraud, it can occur in other ways. For example, someone may use your card number without your knowledge.
It's not always possible to prevent credit or charge card fraud from happening. But there are a few steps you can take to make it more difficult for a crook to capture your card or card numbers and minimize the possibility.
Guarding Against Fraud Here are some tips to help protect yourself from credit and charge card fraud.
Do:
Sign your cards as soon as they arrive.
Carry your cards separately from your wallet, in a zippered compartment, a business card holder, or another small pouch.
Keep a record of your account numbers, their expiration dates, and the phone number and address of each company in a secure place.
Keep an eye on your card during the transaction, and get it back as quickly as possible.
Void incorrect receipts.
Destroy carbons.
Save receipts to compare with billing statements.
Open bills promptly and reconcile accounts monthly, just as you would your checking account.
Report any questionable charges promptly and in writing to the card issuer.
Notify card companies in advance of a change in address.
Don't:
Lend your card(s) to anyone.
Leave cards or receipts lying around.
Sign a blank receipt. When you sign a receipt, draw a line through any blank spaces above the total.
Write your account number on a postcard or the outside of an envelope.
Give out your account number over the phone unless you're making the call to a company you know is reputable. If you have questions about a company, check it out with your local consumer protection office or Better Business Bureau.
Reporting Losses and Fraud If you lose your credit or charge cards or if you realize they've been lost or stolen, immediately call the issuer(s). Many companies have toll-free numbers and 24-hour service to deal with such emergencies. By law, once you report the loss or theft, you have no further responsibility for unauthorized charges. In any event, your maximum liability under federal law is $50 per card.
If you suspect fraud, you may be asked to sign a statement under oath that you did not make the purchase(s) in question.
For More Information
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
Credit and debit card fraud is at a record low, despite growing volumes of transactions globally. A recent breach of security at a third-party card-processing plant in the US, which compromised up to 40-million card numbers globally, is unlikely to alter the statistics, says credit card company Visa.
Visa says industry efforts to combat fraud are paying off as card issuers tighten payment-processing security.
Jim Devlin of Visa's fraud department for central Europe, eastern Europe, the Middle East and Africa region (Cemea) says that last year only 6c of every $100 spent with credit cards was lost to fraud.
Counterfeit cards remain the highest contributors to fraud, at 47%, followed by lost and stolen cards at 29%, Devlin says.
Simon Dean of the same Visa fraud department says MasterCard, Visa and American Express, the three largest credit card companies, have aligned standards to which banks have to adhere to protect account holder information.
Despite this, the "phishing" of account holder information by the US card processor highlighted a flaw in the system.
Phishing is when customers' personal information, including account details and PIN number, is collected to conduct fraudulent transactions on internet and telephonic transactions.
About 22-million of all the account numbers at risk globally were of Visa cards, while about 14-million were of MasterCards.
Devlin says the effect of the US breach on customers was minimal, with about 20000 accounts compromised but not necessarily affected by fraud.
Last month, Visa said only 6000 of its South African account numbers had been compromised, and a number of those had expired.
MasterCard said 6000-7000 of the total number of MasterCards that had been exposed to risk were for South African accounts.
At the time only one South African account had been affected.
Standard Bank, SA's biggest credit card issuer, had identified about 1500 credit card customers who could potentially be affected, and all accounts were replaced with new ones as a security precaution.
"It was a highly unfortunate incident and one that hasn't done the industry any benefit," Dean says. He says while the financial loss from the card compromise in the US was small, the damage to the reputation of credit card companies was large.
"The last thing Visa would want is for the internet and e-commerce to be deemed insecure. The protection of data is most important," he says.
Dean says the US card compromise was still the subject of an FBI investigation in the US and it was still unclear how it happened.
Customer data that should not have been stored had been stored by the processor, he said.
Under an industry-wide security programme, banks, merchants and card processors have to adhere to certain security standards.
Dean says the move to chip-based cards will reduce fraud even further as it will take the responsibility away from merchants to ensure cards are authentic. Chip cards had successfully addressed this in France, where they were introduced in the 1990s.
Growth in card fraud between 1993 and 2003 had prompted the UK to move quickly to chip cards, Dean says.
But Devlin says it would be years before chip-based cards were rolled out world wide. Merchants would need special chip readers before the system was implemented.
CREDIT card fraud has cost consumers in Northern Ireland over £2m in just four years, it can be revealed.
However, the public has been warned that the full extent of the level of deception and identity frauds could be substantially higher because the majority of these crimes are never reported to police.
It is believed that the majority of the frauds involve instances of lost or stolen cards or 'skimming' crimes.
Security Minister Shaun Woodward revealed that the PSNI have dealt with 2,136 cases where criminal benefit had been obtained from credit card deceptions since 2002.
In response to a written parliamentary question from Strangford MP Iris Robinson, the Minister revealed that the total gain to criminals was £2,305,061.
He said: "I am assured that the PSNI Cheque and Credit Card Unit is working closely with all relevant agencies and is involved in a number of different initiatives in an effort to combat credit card fraud.
"These figures are based on incidents reported to the police.
"The true figure could be significantly higher as much of this type of crime is not reported directly to the police, but rather financial institutions such as banks."
Strangford MP Iris Robinson said: "It is alarming that already in 2005 almost half a million pounds has been lost through credit card deception in Northern Ireland, which is more than the full-year totals both for 2002 and 2003.
"The figures provided by the Minister of course represent only a fraction of the real total.
"Clearly there is a significant amount of this form of crime occurring in Northern Ireland. The public need to be watchful regarding protection of their personal details."
I take issue with USA TODAY's article "Credit card fraud hits small online merchants hard" (Money, June 28).
Protecting cardholder information and preventing fraud are job one at Visa. Our company has invested billions of dollars in the industry's most advanced anti-fraud technologies, resulting in an all-time low fraud rate of 5 cents per $100 transacted.
Some readers might infer from the story that merchants alone bear the cost of fraud. They should know that in a majority of transactions — those where the card is present at the point of sale — liability rests with the bank issuing the card, as long as the merchant follows simple steps for card authentication.
For card-not-present sales, Visa has put in place multiple tools to help merchants avoid fraud-related costs.
For example, our Verified by Visa authentication service transfers fraud liability costs from the merchant onto the card-issuing bank. Our Card Verification Value 2 technology helps verify that online customers are in physical possession of the card. Utilizing the Address Verification Service allows online merchants to match the purchaser's billing address to the billing address of the actual cardholder on file with the issuing institution.
Fighting fraud is a role that financial institutions and merchants alike must play. I urge merchants to visit www.visa.com/merchants to find out more about our fraud prevention technologies.
Merchants should also contact their financial institution and/or processor to determine which fraud-fighting services are available for use on behalf of our shared customer: the U.S. consumer.
John Shaughnessy Jr., Senior vice president, Risk Management Visa USA, San Francisco
